Question
How to route certain public traffic through private network
So I have three servers. All three have bidirectional communication with each other, but only two of them are on the same shared private network.
Server A - network 1
public ip = 168.11.111.111
private ip = 10.11.111.111
Server B - network 1
public ip = 168.22.222.222
private ip = 10.22.222.222
Server C - network 2
public ip = 168.33.333.333
My application uses the public IP for binding sockets to, but I feel like it's possible to use iptables to configure traffic to traverse the private network for certain static IPs that are known to be in the same private network.
I did a ton of research about iptables, and I finally thought I came up with the correct scripts, but I still can't seem to get traffic to travel correctly.
So for my Server A configuration I have:
PRIVATE_A_IP=10.11.111.111
PUBLIC_A_IP=168.11.111.111
PRIVATE_B_IP=10.22.222.222
PUBLIC_B_IP=168.22.222.222
# redirect incoming packets for private IP to become input for public IP on the eth0 interface
iptables -t nat -A PREROUTING -d ${PRIVATE_A_IP} -i eth0 -j DNAT --to-destination ${PUBLIC_A_IP}
# redirect traffic meant for public B to be sent to private B on the eth1 interface
iptables -t nat -A OUTPUT -d ${PUBLIC_B_IP} -o eth1 -j DNAT --to-destination ${PRIVATE_B_IP}
# change source of outgoing traffic to private B to say the source is private A, still on the eth1 interface
iptables -t nat -A POSTROUTING -d ${PRIVATE_B_IP} -o eth1 -j SNAT --to-source ${PRIVATE_A_IP}
Then, since it's bidirectional, I'd do the inverse for Server B:
iptables -t nat -A PREROUTING -d ${PRIVATE_B_IP} -i eth0 -j DNAT --to-destination ${PUBLIC_B_IP}
iptables -t nat -A OUTPUT -d ${PUBLIC_A_IP} -o eth1 -j DNAT --to-destination ${PRIVATE_A_IP}
iptables -t nat -A POSTROUTING -d ${PRIVATE_A_IP} -o eth1 -j SNAT --to-source ${PRIVATE_B_IP}
I'm pretty certain I'm doing this correctly after researching NAT/iptables all weekend. Is there something I'm missing?
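A rule-consistency check, added here as an example and not part of the original question: it parses constructed `ip -4 -o addr` and `iptables -t nat -S` output modelled on the Server A rules above and flags PREROUTING DNAT rules whose `-d` is a local address while `-i` names a different interface than the one that holds that address. It assumes eth0 carries the public address and eth1 the private one, as the `-o eth1` rules imply.

```python
import re
from ipaddress import ip_interface

# Constructed sample of `ip -4 -o addr` on Server A (assumed: eth0 public, eth1 private).
IP_ADDR_OUTPUT = """\
2: eth0    inet 168.11.111.111/24 brd 168.11.111.255 scope global eth0
3: eth1    inet 10.11.111.111/24 brd 10.11.111.255 scope global eth1
"""

# Constructed sample of `iptables -t nat -S` reproducing the Server A rules from the question.
NAT_RULES = """\
-P PREROUTING ACCEPT
-A PREROUTING -d 10.11.111.111/32 -i eth0 -j DNAT --to-destination 168.11.111.111
-A OUTPUT -d 168.22.222.222/32 -o eth1 -j DNAT --to-destination 10.22.222.222
-A POSTROUTING -d 10.22.222.222/32 -o eth1 -j SNAT --to-source 10.11.111.111
"""

def local_addresses(ip_addr_output):
    """Map each local IPv4 address (as a string) to the interface it is configured on."""
    table = {}
    for line in ip_addr_output.splitlines():
        m = re.match(r"\d+:\s+(\S+)\s+inet\s+(\S+)", line)
        if m:
            table[str(ip_interface(m.group(2)).ip)] = m.group(1)
    return table

def parse_rule(line):
    """Return (chain, dst_address, interface) for one `iptables -S` append line, else None."""
    if not line.startswith("-A "):
        return None  # policy lines carry no match criteria
    dst = re.search(r" -d (\S+)", line)
    iface = re.search(r" -[io] (\S+)", line)
    return (line.split()[1],
            str(ip_interface(dst.group(1)).ip) if dst else None,
            iface.group(1) if iface else None)

def find_dead_prerouting_rules(ip_addr_output, nat_rules):
    """Return (rule, real_iface) for PREROUTING rules whose -d is a local address but whose
    -i names another interface. Inbound packets for a local address normally arrive on the
    interface that owns it, so such a rule never matches and its DNAT silently does nothing."""
    addrs = local_addresses(ip_addr_output)
    findings = []
    for line in nat_rules.splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue
        chain, dst, iface = parsed
        if chain == "PREROUTING" and dst in addrs and iface and addrs[dst] != iface:
            findings.append((line, addrs[dst]))
    return findings
```

On the sample data it reports the PREROUTING rule that matches 10.11.111.111 on eth0, because that address lives on eth1; on a live host, feed it the real `ip -4 -o addr` and `iptables -t nat -S` output instead of the constructed strings.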